From aa7490a9a440b4518f79318be773b7da34e93c93 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Fri, 30 Jul 2021 01:55:52 +0200 Subject: prometheus: add mikrotik exporter --- roles/monitoring/prometheus/exporter/meta/main.yml | 2 ++ .../prometheus/exporter/mikrotik/defaults/main.yml | 24 +++++++++++++ .../prometheus/exporter/mikrotik/handlers/main.yml | 11 ++++++ .../prometheus/exporter/mikrotik/tasks/main.yml | 41 ++++++++++++++++++++++ .../exporter/mikrotik/templates/config.yml.j2 | 7 ++++ .../exporter/mikrotik/templates/service.j2 | 30 ++++++++++++++++ 6 files changed, 115 insertions(+) create mode 100644 roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml create mode 100644 roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml create mode 100644 roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml create mode 100644 roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 create mode 100644 roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 (limited to 'roles') diff --git a/roles/monitoring/prometheus/exporter/meta/main.yml b/roles/monitoring/prometheus/exporter/meta/main.yml index 01e3f7f2..22131422 100644 --- a/roles/monitoring/prometheus/exporter/meta/main.yml +++ b/roles/monitoring/prometheus/exporter/meta/main.yml @@ -7,3 +7,5 @@ dependencies: when: "'blackbox' in (prometheus_exporters_default | union(prometheus_exporters_extra))" - role: monitoring/prometheus/exporter/nut when: "'nut' in (prometheus_exporters_default | union(prometheus_exporters_extra))" + - role: monitoring/prometheus/exporter/mikrotik + when: "'mikrotik' in (prometheus_exporters_default | union(prometheus_exporters_extra))" diff --git a/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml new file mode 100644 index 00000000..373cba47 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/defaults/main.yml @@ -0,0 +1,24 @@ +--- +# prometheus_exporter_mikrotik_devices: +# - name: bridge01 +# address: 1.2.3.4 +# port: 1234 +# user: prometheus +# password: secret + +prometheus_exporter_mikrotik_features: + bgp: false + dhcp: false + dhcpv6: false + dhcpl: false + routes: false + pools: false + wlansta: true + wlanif: true + monitor: true + health: false + firmware: true + ipsec: false + optics: false + poe: false + w60g: true diff --git a/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml new file mode 100644 index 00000000..cb85d0d9 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/handlers/main.yml @@ -0,0 +1,11 @@ +--- +- name: restart prometheus-mikrotik-exporter + service: + name: prometheus-mikrotik-exporter + state: restarted + +- name: reload prometheus-exporter-exporter + service: + name: prometheus-exporter-exporter + ## TODO: implement reload once exporter_exporter supports this... + state: restarted diff --git a/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml b/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml new file mode 100644 index 00000000..c3ffe31b --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/tasks/main.yml @@ -0,0 +1,41 @@ +--- +- name: install apt packages + apt: + name: prom-exporter-mikrotik + state: present + +- name: create config directory + file: + path: /etc/prometheus/exporter/mikrotik + state: directory + +- name: generate configuration + template: + src: config.yml.j2 + dest: /etc/prometheus/exporter/mikrotik/config.yml + owner: root + group: prometheus-exporter + mode: 0640 + notify: restart prometheus-mikrotik-exporter + +- name: generate systemd service unit + template: + src: service.j2 + dest: /etc/systemd/system/prometheus-mikrotik-exporter.service + notify: restart prometheus-mikrotik-exporter + +- name: make sure prometheus-mikrotik-exporter is enabled and started + systemd: + name: prometheus-mikrotik-exporter.service + daemon_reload: yes + state: started + enabled: yes + +- name: register exporter + copy: + content: | + method: http + http: + port: 9436 + dest: /etc/prometheus/exporter/enabled/mikrotik.yml + notify: reload prometheus-exporter-exporter diff --git a/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 b/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 new file mode 100644 index 00000000..a2dc1c71 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/templates/config.yml.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +devices: + {{ prometheus_exporter_mikrotik_devices | to_nice_yaml(indent=2) | indent(2)}} + +features: + {{ prometheus_exporter_mikrotik_features | to_nice_yaml(indent=2) | indent(2)}} diff --git a/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 b/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 new file mode 100644 index 00000000..a1c90455 --- /dev/null +++ b/roles/monitoring/prometheus/exporter/mikrotik/templates/service.j2 @@ -0,0 +1,30 @@ +[Unit] +Description=Prometheus mikrotik exporter + +[Service] +Restart=always +User=prometheus-exporter +ExecStart=/usr/bin/prometheus-mikrotik-exporter -port "127.0.0.1:9436" -config-file /etc/prometheus/exporter/mikrotik/config.yml + +# systemd hardening-options +AmbientCapabilities= +CapabilityBoundingSet= +DeviceAllow=/dev/null rw +DevicePolicy=strict +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +RemoveIPC=true +RestrictNamespaces=true +RestrictRealtime=true +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target -- cgit v1.2.3